Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Passive client, multicast, and WLC configuration


I need to implement multicast for passive clients on a network which is in use.

It is composed of 2 WLC 2504 (7.4) in mobility group.

Routing & Firewalling is done by ASA 5585.

Switches are 2960.

After doc study, I defined a configuration, and I prefer to ask for advices in case of I forgot something or I'm wrong on others.

1. Delete AP & SSID from AP Group ("The passive client feature is not supported with the AP groups and FlexConnect centrally switched


2. Broadcast the SSID only on this AP.

3. Enable multicast-multicast with for 1st WLC, and for 2nd WLC

4. Enable multicast global mode for both WLCs

5. Enable IGMP Snooping global mode for both WLCs

6. Enable Passive Client on the SSID

7. Disable Require DHCP on the SSID

8. Disable Proxy DHCP global mode for both WLCs

That's all.

Is there a config to do on the ASA, on the switches ? (ip pim sparse-dense, etc...)

Thank yo ufor your help.



Passive client, multicast, and WLC configuration

Hi mate,

Do you really need passive clients using multicast in the first place? While this might not seem complicated, without any multicast experience could give yourself some headache.

Basically if you follow this config you will be able to cover most of the WLC part. As multicast packets will travel inside the same VLAN (if anyone else can correct me), I don't see any config needed on your ASA.

Only on switches, you could add the global command: ip igmp snooping.

Community Member

Passive client, multicast, and WLC configuration

Yes I need passive clients.

The customer WLAN network is composed of groups of equipements:

For each group there is an AXIS wireless modem which is in bridge mode.

It do association & authentication with WPA2 key, then 802.1x MSCHAPv2 credentials.

Behind the AXIS, there are 4 equipements in static IP adress, which have to contact 4 different servers.

Currently, authentication with radius server are good only for 30% of groups, and for us, only one equipement have connectivity on the network, the 3 others cannot contact their servers located on wired network.

CreatePlease to create content